I found a version of DD-WRT for the Ac-1900P and it fixed the issue. I still prefer running Merlin, maybe at this point a flash back will fix the issue. Unless there are any other ideas to try and address the issue. Seems pretty obvious something got corrupted - doesn't seem like it was a hardware issue.Try with dd-wrt on it just for kicks.
So did this not change the outcome, or did you also switch to ddwrt during that 20 mins?I will pull power on the cable modem, give it a 20 minuted and it should pull a new IP.
If I browse to this website:
http://heroesforhire.us
I get a page off this website:
https://www.spiceoflifepharmacy.com
1. It only happens on devices connected to the router.
2. It happens on two different PC, all browsers and my android mobile
3. If I engage the VPN on the PC or switch to Verizion data - I get the correct website.
4. If I bypass the router and connect directly to Spectrum - I get the correct site.
5. I have tried a power reset, changing DNS servers - nothing changes it.
6. Cleared browser data, Windows DNS Cache - no effect.
7. If I navigate to any subpage the correct site comes up. (ex: http://heroesforhire.us/?page_id=17)
I am running an AC-1900P on 384.13. Did a full reset on the last firmware update, is there something I am missing?? Some routing table setting or cache that I have failed to clear?
Thanks !
The WAN IP didn't change when I swapped out the AC-1900P with the WRT-54. So by that I would conclude that the webserver was doing what it should and not giving our WAN IP weird content.So did this not change the outcome, or did you also switch to ddwrt during that 20 mins?
I think it was a refurb through Newegg, been running fine for two years now.Is that a refurbished or used 1900P?
Do you see this with other URLs besides the one in this thread?DD-WRT wasn't running the best on this router. 2G throughput was sketchy and clients had trouble accessing via 5G. reloaded 384.13 via rescue mode and the router is back to giving me erroneous sites.
Looks like its time to replace the router.
This is the only one I have discovered.Do you see this with other URLs besides the one in this thread?
If you ssh to the router, and run these commands, see if anything looks unusual/unexpected. Post the results if you are comfortable doing so. Looking for rogue web processes or dns processes, or iptables rules, unexpected partitions, etc.I did some more messing around with the router this morning.
I set up my PIA VPN on the router, and going through the VPN the result is still the same - which pretty much rules out any webserver/ISP issues - its solely focused on the router.
netstat -nltup
iptables -t nat -S
cat /etc/dnsmasq.conf
cat /tmp/resolv.dnsmasq
df
If you ssh to the router, and run these commands, see if anything looks unusual/unexpected. Post the results if you are comfortable doing so. Looking for rogue web processes or dns processes, or iptables rules, unexpected partitions, etc.
Code:netstat -nltup iptables -t nat -S cat /etc/dnsmasq.conf cat /tmp/resolv.dnsmasq df
Nothing looks out of the ordinary. I might disable WPS under WiFi. Are you aware of those port forwards for 3074 and 3075? Just want to make sure they're intentional. You can probably delete the iptable.txt attachment since it includes your WAN IP and you don't need anymore problems.See attached txt files.
They're normal. It's for the Sony PlayStation Network (I think the xbox might use the same ports as well).Are you aware of those port forwards or 3074 and 3075?
curl -v http://heroesforhire.us/ | more
/tmp/home/root# curl http://heroesforhire.us/ -o hero.htm
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 665k 0 665k 0 0 65333 0 --:--:-- 0:00:10 --:--:-- 161k
/tmp/home/root# ll
-rw-rw-rw- 1 admin root 681885 Oct 26 15:00 hero.htm
Its returning code that looks very similar to the pharmacy site - nothing like what is supposed to be on the heroesforhire page. Basically mirroring what the browser is doing.How about running this on the router and seeing if the HTML looks like it's from the correct site or not?
or save it to a file:Code:curl -v http://heroesforhire.us/ | more
Code:/tmp/home/root# curl http://heroesforhire.us/ -o hero.htm % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 665k 0 665k 0 0 65333 0 --:--:-- 0:00:10 --:--:-- 161k /tmp/home/root# ll -rw-rw-rw- 1 admin root 681885 Oct 26 15:00 hero.htm
Ok, just throw the router away. It’s possessed.Its returning code that looks very similar to the pharmacy site - nothing like what is supposed to be on the heroesforhire page. Basically mirroring what the browser is doing.
And time, if necessary, to see if an exorcist can help.I have an RT-AC86U coming from Amazon today. Will see if there is any difference in performance or it fixes the problem. I have time to return if its acts the same.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!